WinRAR: The wrong way of answering to a critical vulnerability

With over 500 million users worldwide, WinRAR is by far the most popular compression program.
An independent security lab found a remote code execution vulnerability in the official WinRAR SFX v5.21 software.

The vulnerability allows remote attackers to execute system-specific code without authorization and thereby compromise a target system.

The issue is located in the Text and Icon function of the "Text to display in SFX window" module. Remote attackers are able to generate their own compressed archives with malicious payloads that execute system-specific code to compromise the target. The security risk of the code execution vulnerability is rated critical, with a CVSS (Common Vulnerability Scoring System) score of 9.2.

Exploitation of the code execution vulnerability requires only low user interaction (opening a file) and neither a privileged system account nor a restricted user account. Successful exploitation of the remote code execution vulnerability in the WinRAR SFX software results in system, network or device compromise.

In simple words: the attack uses the option to write HTML code into the text display window when creating an SFX archive.
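Since the weakness lives in the text shown by the SFX window, a defender's first question is which executables on a share or in a mail queue are SFX archives at all, and which of those carry HTML markup in the appended archive data. The following triage script is an added example, not code from the original post or from Rar Labs; it assumes the standard RAR 4.x and RAR 5.x archive marker bytes, all sample blobs are constructed, and it only sees a comment that WinRAR stored uncompressed (a compressed comment escapes this raw-byte check).

```python
import re

# Archive markers found in WinRAR SFX executables (RAR 4.x and RAR 5.x formats).
RAR4_MARKER = b"Rar!\x1a\x07\x00"
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"

# Markup that has no business in a plain SFX text window; treated as a review trigger.
HTML_RE = re.compile(rb"<\s*(html|script|iframe|object|embed|meta)\b", re.IGNORECASE)


def classify_sfx(data: bytes) -> dict:
    """Heuristically classify a file blob.

    is_sfx     - True when a PE image (MZ) carries an appended RAR archive
    rar_format - "RAR4", "RAR5" or None
    rar_offset - byte offset of the archive marker, or -1
    html_found - True when HTML markup occurs in the appended archive region
                 (visible only if the SFX comment was stored uncompressed)
    """
    result = {"is_sfx": False, "rar_format": None, "rar_offset": -1, "html_found": False}
    if not data.startswith(b"MZ"):
        return result
    for fmt, marker in (("RAR5", RAR5_MARKER), ("RAR4", RAR4_MARKER)):
        off = data.find(marker, 1)  # marker must sit after the PE stub, never at 0
        if off > 0:
            result.update(is_sfx=True, rar_format=fmt, rar_offset=off)
            result["html_found"] = HTML_RE.search(data, off) is not None
            break
    return result


def triage(samples: dict) -> list:
    """Return the names of samples that are SFX archives with HTML in the appended data."""
    flagged = []
    for name, blob in samples.items():
        info = classify_sfx(blob)
        if info["is_sfx"] and info["html_found"]:
            flagged.append(name)
    return flagged


# Constructed sample blobs (not real archives): a fake PE stub with an appended
# RAR 4.x archive whose stored comment carries HTML, a clean RAR 5.x SFX whose
# text window holds plain text, and an ordinary executable with no archive.
FAKE_PE_STUB = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 32
SAMPLE_HTML_SFX = FAKE_PE_STUB + RAR4_MARKER + b"CMT<html><script>...</script></html>" + b"\x00" * 8
SAMPLE_PLAIN_SFX = FAKE_PE_STUB + RAR5_MARKER + b"CMTWelcome to the installer" + b"\x00" * 8
SAMPLE_PLAIN_EXE = FAKE_PE_STUB + b"just an executable, no archive appended"
```

In practice the blob comes from reading each .exe in a quarantine folder, and a flagged name goes to manual review rather than to the user.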


ZDNet contacted the creators of the software, Rar Labs, and the answer left me baffled: they explained to ZDNet that, because SFX archives can run contained executable files (a capability installers require), any SFX archive is potentially dangerous for users.

WinRAR said in a statement:

“We can say that limiting SFX module HTML functionality would hurt only those legitimate users, who need all HTML features, making absolutely no problem for a malicious person, who can use previous version SFX modules, custom modules built from UnRAR source code, their own code or archived executables for their purpose. We can only remind users once again to run .exe files, either SFX archives or not, only if they are received from a trustworthy source.”

So, don’t run SFX archives that you don’t know or trust. I couldn’t agree more with this statement. But this should be offered only as a precaution, not as the solution.


Recommended solution:

Go to Control Panel -> Programs and Features -> select WinRAR and click Uninstall.


[Screenshot: uninstalling WinRAR from Programs and Features]

Download 7-Zip from here for free.


© Copyright 2015 Sorin Mustaca, all rights reserved. Written for: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT consulting services I offer.
Visit www.itsecuritynews.info for the latest security news in English.
Visit http://de.itsecuritynews.info for IT security news in German.

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000 and worked from 2003 to 2014 for Avira as Product Manager for its well-known products used by over 100 million users worldwide. Today he is an independent IT security consultant focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.
